Wie können Cybersichherheitsschwachstellen in ihrem System und Design identifiziert werden? In der ersten Phase im IACS Cybersecurity Lifecycle geht es darum, betroffene Unternehmens- und Analgeteile zu identifizieren und zu dokumentieren sowie eine Schwachstellen- und Risikobewertung im Bereich der Cybersicherheit durchzuführen. In unserem Seminar lernen Sie, wie Sie neue oder bestehende Systeme bezüglich ihrer Cybersicherheit analysieren können. Zudem wird Ihnen gezeigt, wie Sie eine entsprechende Cybersecurity Requirements Specification (CRS) entwicklen.
Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).
This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.
You Will Be Able to:
- Identify and document the scope of the IACS under assessment
- Specify, gather or generate the cybersecurity information required to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
- Organize and facilitate a cybersecurity risk assessment for an IACS
- Identify and evaluate realistic threat scenarios
- Identify gaps in existing policies, procedures and standards
- Establish and document security zones and conduits
- Prepare documentation of assessment results
OVERVIEW
Type of event
Zertifikatskurs
Format
Attendance
Graduation
Certificate
Dates, registration deadline and location
- neue Termine in Kürze
Duration
Length 3 days
Language
English
TARGET GROUP
Control Systems engineers and managers
System integrators
IT engineers and managers industrial facilities
IT corporate/security professionals
Plant Safety and Risk Management
CONTENT AND EXPIRATION
Classroom/ Labratory Exercises:
Critiquing system architecture diagrams
Asset Inventory
Gap Assessment
Windows Vulnerability Assessment
Capturing Ethernet Traffic
Port Scanning
Using Vulnerability Scanning Tools
Perform a high-level risk assessment
Creating a zone & conduit diagram
Perform a detailed cyber risk assessment
Critiquing a cybersecurity requirements specification
LEARNING GOALS
- Sie lernen die Grundlagen der Risikoanalyse nach IEC 62443 kennen.
- Sie erhalten einen Überblick über Best Practices im Bereich Sicherheit und Risikoanalyse für industrielle Produktionsanlagen.
- Sie können erste Konzepte auf Ihre Automatisierungsanlage anwenden.
- Diskussionen mit Trainer und Teilnehmenden zur Vertiefung der Inhalte.
SPEAKERS
Dr.-Ing. Christian Haas
M.Sc. David Meier